Antwort: Re: Problems Accessing Samba through a Firewall

Mathias Wohlfarth MathiasWohlfarth at bwb.org
Mon Jan 21 09:54:03 GMT 2002


Connecting through subnetworks is working fine, if you configure Samba as
Winsserver and the client to use the SambaServer as a Wins-server.
Names are resolved without the need of broadcast.
regards MW




David Collier-Brown <davecb at canada.sun.com>@lists.samba.org on 21.01.2002
18:22:29

Bitte antworten an David.Collier-Brown at Sun.COM

Gesendet von:     samba-admin at lists.samba.org


An:      heubach at heubach-edv.de
Kopie:   samba at lists.samba.org
Org.Element:
Telefon:
Thema:   Re: Problems Accessing Samba through a Firewall


heubach at heubach-edv.de wrote:

> I've got some problems with Samba 2.2.0 sitting in the DMZ behind a
> firewall.
>
> I opened ports 137/138 UDP and 139 TCP to Samba. When I try to connect
the
> Samba machine from a Windows NT 4.0 Workstation I get the error message
> "Networkpath not found". If i open all ports to the Samba host it will
work.
> After this I close all ports unless 139 TCP and it still works. But it
stops
> working after logging out and on again to the Windows NT host.


      Ok, ther's two parts to this situation:
      braodcast and unicast.

      Network neighbourhood is done using
      udp and some broadcasts: to get it to work
      you need a server on the subnet with the
      client.  If you are maing the connection via
      NN, you have to have the machine accepting udp
      and directed broadcasts at the very least!

      Browsing and acerssing individual machines,
      however, is done with tcp, purely unicast.

      If you are maing the connection via windows
      explorer (not internet explorer) or the
      net use command, that's tcp, and you need
      only a name service and tcp.
      See
http://www.oreilly.com/catalog/samba/chapter/book/ch09_02.html
      for the process of debugging it.

      A good netwrok snoop program like etherial
      will help you: tell it to just show the SMB
      packets and watch to see what ports they go to.

--dave
--
David Collier-Brown,           | Always do right. This will gratify
Performance & Engineering      | some people and astonish the rest.
Americas Customer Engineering, |                      -- Mark Twain
(905) 415-2849                 | davecb at canada.sun.com

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba







More information about the samba mailing list